Home Malware Programs Ransomware Aperfectday2018 Ransomware

Aperfectday2018 Ransomware

Posted: November 6, 2018

The Aperfectday2018 Ransomware is a file-locking Trojan that encrypts your PC's documents, pictures, and other media, edits their names, and creates text messages that ask for payment for the unlocking code. Victims of these attacks should explore all other solutions before paying for a criminal's help with decrypting a content that could be recoverable by free methods. Most anti-malware products have means of detecting and removing the Aperfectday2018 Ransomware, and other threats like it before they harm your files.

A Not-So-Perfect Day for Someone without Backups

The usual case of a file-locker Trojan is a threat with a campaign that spans the entire globe, or, at least, broad regions of it, such as Europe, Asia or North America. However, some threat actors, whether as a personal preference or due to other motivations for targeting niches, will isolate their attacks to a much narrower scale than that, which readers can observe with the Aperfectday2018 Ransomware. Malware researchers have yet to determine if the Aperfectday2018 Ransomware belongs to a family like Hidden Tear or a RaaS business, but its display of data-locking behavior is equivalent to either of these two for damage potential.

The Aperfectday2018 Ransomware is targeting Swedish PC users, with the only infections from that nation and its ransoming demands equally tailored to the Swedish currency. The file-locker Trojan uses what early reports are estimating is a variant of an AES algorithm for locking Notepad text files, pictures, archives and additional media formats. Unlike most Trojans of its payload type, the Aperfectday2018 Ransomware doesn't add new extensions, but malware researchers can verify it adding '(enc)' strings at the beginning of the filename.

Similarly to the average revamp of Hidden Tear or families like the Scarab Ransomware, the Aperfectday2018 Ransomware creates a Notepad-format ransom note on the desktop. This message contains a demand for Bitcoins (which the threat actor expresses in Swedish krona) for his decryption key, along with a five-day deadline. Malware researchers have yet to confirm anyone's paying to the wallet in question and recommend avoiding doing so without exhausting every other avenue for data retrieval.

Perfect File Solutions without Paying Swedish Trojans

Free decryption utilities from various cyber-security companies and researchers are available for counteracting the encryption damages of threats like Hidden Tear, but these services have no guarantees of working. Users should have backups of their work secured on other devices or servers for keeping the Aperfectday2018 Ransomware from locking anything that isn't retrievable. Although Windows does make default backups, these fail-safes are high-priority targets for being deleted by file-locking Trojans.

With little data on its victims, malware researchers remain hesitant about ruling out any infection exploits that the Aperfectday2018 Ransomware campaign could use. E-mail attachments targeting business employees, brute-force attacks against server admin logins, and torrents for compromising random victims are some examples of infection strategies for this year. PCs with anti-malware services can delete the Aperfectday2018 Ransomware before its encryption feature initiates or remove the Trojan afterward safely, but not unlock your files.

Why the Aperfectday2018 Ransomware only is expecting to collect ransoms from residents of Sweden is a question that has yet to have an adequate answer. Whatever the threat actor's reasoning, the Aperfectday2018 Ransomware is another addition to a pool of file-locking Trojans that are capable of harming the files of Windows users, no matter where they're living.

Loading...